
Re: Generic CBC-MAC specification




Before people start going crazy over this subject, it might be helpful
if people read the I-O resolution document first.  

For example, you might discover that 3DES-CBC-MAC was proposed to be
used only as a pseudo-random function (PRF), NOT as a MAC.  And, that if
no PRF is negotiated the default PRF of the HMAC form of the negotiated
hash algorithm is used.

The security properties required of a pseudo-random function are very
different from those required of a MAC.  

So, the main question before us is not that of security, but of
interoperability, with apparently more than one documented way of doing a
CBC-MAC.  Question: has anyone actually implemented 3DES-CBC-MAC as a
PRF to be used in ISAKMP/Oakley?  If so, how did you do it?  The FIPS-81
way, or X9.19 way?

If no one has implemented 3DES-CBC-MAC as a PRF, the simplest way of
solving this problem is to drop it from the draft altogether, and let
IPSECOND worry about documenting alternative PRFs if people don't want
to use HMAC.  

We need to get these documents out, guys.  Time is a ticking, and things
that can get pushed off until later.... should get pushed back until
later.

						- Ted


